[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
- To: full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)
- From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Thu, 07 Apr 2011 09:20:53 +1200
coderman to Valdis.Kletnieks:
> > Otherwise if a valid dhcp server hands you foo.bar.baz.example.com your
> > hostname
> > just became foobarbazexamplecom - whoops.
>
> a DHCP server should not reply with a FQDN as hostname.
>
> hostname 'foo' at domainname 'bar.baz.example.com' is legit though...
So Valdis' complaint about the "fix:
new_host_name=${new_host_name//[^a-zA-Z0-9]/}
still partly stands.
They should at least have gone with:
new_host_name=${new_host_name//[^-a-zA-Z0-9]/}
as hyphens are valid in host names.
Whether the code should gracefully handle itself in misconfigured
environments, or more, to what extent it should, is ultimately up to
the developers, so they can quibble over the dot character...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/